From be77cf1ca5e3b29b5963a1a713d33d08d04e6426 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Mon, 10 Nov 2025 11:47:55 +0100
Subject: [PATCH] global-functions: $CertificateAvailable: support new
 builtin-trust-store...

... which was introduced with RouterOS 7.21beta7.
---
 global-functions.rsc | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/global-functions.rsc b/global-functions.rsc
index eb837aa..9f92b07 100644
--- a/global-functions.rsc
+++ b/global-functions.rsc
@@ -106,11 +106,15 @@
 # check and download required certificate
 :set CertificateAvailable do={
   :local CommonName [ :tostr $1 ];
+  :local UseFor     [ :tostr $2 ];
 
   :global CertificateDownload;
+  :global EitherOr;
   :global LogPrint;
   :global ParseKeyValueStore;
 
+  :set UseFor [ $EitherOr $UseFor "undefined" ];
+
   :if ([ /system/resource/get free-hdd-space ] < 8388608 && \
        [ /certificate/settings/get crl-download ] = true && \
        [ /certificate/settings/get crl-store ] = "system") do={
@@ -123,7 +127,10 @@
     :return false;
   }
 
-  :if (([ /certificate/settings/get ]->"builtin-trust-anchors") = "trusted" && \
+  :local CertSettings [ /certificate/settings/get ];
+  :if ((($CertSettings->"builtin-trust-anchors") = "trusted" || \
+        ($CertSettings->"builtin-trust-store") ~ $UseFor || \
+        ($CertSettings->"builtin-trust-store") = "all") && \
        [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CommonName . "\" ] ]") ]] > 0) do={
     :return true;
   }